package cn.com.git.workflow.config.security;


import cn.com.git.common.util.object.JSONUtils;
import cn.com.git.common.util.security.JwtUtils;
import cn.com.git.workflow.service.dto.AuthenticationTokenDTO;
import org.apache.shiro.authc.AuthenticationToken;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * 授权过滤器
 * @author Administrator
 */
public class AuthenticationFilter extends BasicAuthenticationFilter {

    @Value("${spring.profiles.active}")
    private String profile;

    @Value("${jwt.token.key}")
    private String jwtKey;

    @Autowired
    private LoginContext loginContext;



    public AuthenticationFilter(AuthenticationManager authenticationManager) {
        super(authenticationManager);
    }

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
//        String header = request.getHeader("Authorization");
//        if (header == null) {
//            chain.doFilter(request, response);
//            return;
//        }
//        UsernamePasswordAuthenticationToken authentication = getAuthentication(request);
        UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken("test", null, null);
        SecurityContextHolder.getContext().setAuthentication(authentication);
        chain.doFilter(request, response);

    }

    /**
     * 获取权限
     * @param request
     * @return
     */
    private UsernamePasswordAuthenticationToken getAuthentication(HttpServletRequest request) {
        String token = request.getHeader("Authorization");
        if (token != null && checkTocken(token)) {
            AuthenticationTokenDTO authenticationTokenDTO = this.setLoginContext(token,request);
            return new UsernamePasswordAuthenticationToken(authenticationTokenDTO.getSysUser().getAccount(), null, null);
        }
        return null;
    }

    /**
     * token 校验
     * @param token
     * @return
     */
    boolean checkTocken(String token){
        return JwtUtils.validateToken(token,jwtKey) ;
    }

    /**
     * 解析token,保存访问用户
     * @param token
     * @param request
     */
    AuthenticationTokenDTO setLoginContext(String token, HttpServletRequest request) {
        logger.debug("method=setLoginContext,params["+"token = [" + token + "], request = [" + request + "]"+"]");
        JwtUtils.TokenEntity entity = JwtUtils.parseToken(token,jwtKey);
        AuthenticationTokenDTO authenticationTokenDTO = JSONUtils.fromJson(entity.getSubject(),AuthenticationTokenDTO.class);
        loginContext.setCurrentUser(authenticationTokenDTO);
        return authenticationTokenDTO;
    }
}
